Gosney noted that the list can't be verified in the absence of Adobe's encryption keys. But he said that with Adobe "choosing symmetric key encryption over hashing, selecting ECB mode, and using the same key for every password, combined with a large number of known plaintexts and the generosity of users who flat-out gave us their password in their password hint," he's fairly confident in the list.

Here are the 20 most common passwords, followed by the number of Adobe users who used that password:

1. 123456 - 1,911,938

2. 123456789 - 446,162

3. password - 345,834

4. adobe123 - 211,659

5. 12345678 - 201,580

6. qwerty - 130,832

7. 1234567 - 124,253

8. 111111 - 113,884

9. photoshop - 83,411

10. 123123 - 82,694

11. 1234567890 - 76,910

12. 000000 - 76,186

13. abc123 - 70,791

14. 1234 - 61,453

15. adobe1 - 56,744

16. macromedia - 54,651

17. azerty - 48,850

18. iloveyou - 47,142

19. aaaaaa - 44,281

20. 654321 - 43,670

Of course, "123456" and "password" are at the top of the list, as they so often are. And whoever used "macromedia"--a throwback to the origins of Flash and Dreamweaver--probably thought they were being pretty clever.

If you're scratching your head over the apparent stupidity of the Adobe-using public, take comfort in the fact that the top 20 passwords only account for roughly 3% of the 130,324,429 Adobe user accounts Gosney was able to obtain. The vast majority of people are using passwords that are at least somewhat unique.

Adobe confirmed the security breach on October 3, revealing that hackers stole 2.9 million encrypted credit card numbers and expiration dates. A few weeks later, Krebs on Security reported that hackers stole login information for at least 38 million active users, and possibly more than 150 million total accounts (including inactive IDs and test accounts).

Hackers also made off with some of Adobe's source code for programs including Photoshop. Security experts have warned that the theft could reveal Adobe's vulnerabilities and security schemes, leading to a new generation of malware, viruses and exploits. Laugh it up while you can.

This story, "123456: Millions of Adobe hack victims used horrible passwords" was originally published by
PCWorld.